asked Her Majesty's Government:
In respect of HM Treasury, (a) on how many occasions in the last year malicious programs have compromised departmental computer systems; and, for each occasion, how many machines were affected; how long it took to remove the programs from the system; and what was the impact on the department's activities; (b) what penetration tests have been carried out of information systems over the last year and what were the results, indicating in each instance whether the tests were carried out independently of the providers of the system concerned; and (c) on how many occasions in the last year the departmental management team has considered information risk. [HL2441]
On no occasion in the last year have malicious programmes compromised Treasury computer systems. In the calendar year 2006, every information system was independently tested at least once. It would not be appropriate on grounds of security to publish the results. Information risk is considered by the Treasury's audit committee at quarterly intervals.